No doubt many of you reading this article have already heard about or even accepted the new T&Cs from WhatsApp, but what does this mean when talking about your privacy?
Well, yesterday WhatsApp published a blog post talking about updating their privacy policy for the first time in four years. The main takeaway from the blog post was the mention of sharing WhatsApp information such as your phone number with Facebook to better target advertisements and limit spam adverts.
This recent move has raised a few questions for many, so I decided to take a deeper look into the WhatsApp policies to see if your information and privacy are actually at risk. Before doing that, let’s take a look at how end-to-end encryption works.
End-to-end encryption is now used with WhatsApp to encrypt users’ communication using something called ‘Text Secure’ by Open Whisper. This means only the sender and receiver can see the conversation and not even WhatsApp can see the encrypted information. While we are on the subject I thought it would be beneficial to see how this end-to-end encryption solution works.
Below I have put together an example diagram which shows the following:
- Sender wants to send the receiver a message so the sender requests the public key of the receiver which is forwarded to the sender using the Text Secure server and a protocol called ‘Forward secrecy’. Note: Public keys are generated on installation and none are stored on the Text Secure server.
- Once the sender has received the public key of the receiver, the sender encrypts the message with the receiver’s public key and the message is relayed to the user through the server. The server will not be able to read the message as it doesn’t know the keys to decrypt the message.
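
The two steps above, as an added sketch that is not part of the original article and is not WhatsApp’s or Open Whisper’s code: the relay forwards the receiver’s public key and the encrypted message, records everything it sees, and still cannot decrypt or silently alter the message. The toy Diffie-Hellman group, the hash-based keystream and all names (`RelayServer`, `encrypt_for`, `demo`) are assumptions chosen to stay within the Python standard library; they are not production cryptography.

```python
import hashlib, hmac, secrets

P, G = 2**521 - 1, 3   # toy Diffie-Hellman group (assumption, illustration only)

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _keys(shared):  # derive separate encryption and MAC keys from the shared secret
    raw = shared.to_bytes(66, "big")
    return hashlib.sha256(b"enc" + raw).digest(), hashlib.sha256(b"mac" + raw).digest()

def _xor_stream(key, data):
    # SHA-256 over a counter as a keystream: a stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_for(recipient_pub, plaintext):
    eph_priv, eph_pub = keypair()          # sender's fresh key pair for this message
    enc_key, mac_key = _keys(pow(recipient_pub, eph_priv, P))
    ct = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return eph_pub, ct, tag

def decrypt(priv, envelope):
    eph_pub, ct, tag = envelope
    enc_key, mac_key = _keys(pow(eph_pub, priv, P))
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or message modified in transit")
    return _xor_stream(enc_key, ct)

class RelayServer:
    """Forwards values between clients and records everything it sees."""
    def __init__(self):
        self.seen = []
    def forward(self, item):
        self.seen.append(item)
        return item

def demo(message=b"meet at 6pm"):          # constructed sample message
    server = RelayServer()
    recv_priv, recv_pub = keypair()                  # generated on installation
    pub_at_sender = server.forward(recv_pub)         # step 1: public key via server
    envelope = server.forward(encrypt_for(pub_at_sender, message))  # step 2: relay
    return server, recv_priv, envelope, decrypt(recv_priv, envelope)
```

Everything in `server.seen` is a public key or ciphertext; only the holder of the receiver’s private key can derive the keys that `decrypt` needs.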
So with the above in mind, one would think that everything is fine, at least until you look further into the company’s policies. Based on my research into those policies, I have found information suggesting the company could use more than just your phone number to link your Facebook account and target advertisements.
- Under the section “Information we collect” in the WhatsApp privacy policy, they say that they might store media such as, and I quote, “popular videos” on their servers for a longer period. This means some information could be stored on the WhatsApp servers, although if the encryption is working the way it has been designed, all communication should be encrypted until forwarded to the correct destination.
- WhatsApp mentions that they will automatically collect usage and log information, which includes information about your activity (how you use their services and how you interact with others). The reason I felt this section was particularly important was that this could be used to monitor behaviour patterns: when you are most active, on what days and for how long. The logs collected are more than likely stored somewhere, but for how long, and what exactly do these logs contain? Maybe something WhatsApp can answer!
- Transaction information could be collected if you pay for the WhatsApp service; this could include information from third parties that process your payment. So does this mean WhatsApp can store your card details once you have made a payment through an app store? Unfortunately, they don’t go into detail on the legal info page.
- When WhatsApp is installed, certain device information is collected. This includes:
– Hardware model
– Operating System
– Browser Information
– IP address
WhatsApp could compile all this information, bulked together with the logs, to monitor the devices you use for WhatsApp over some time and even collect approximate location details based on your IP address. All this information could be perfect for targeting ads to your Facebook account, from simply seeing what devices you have used over time to install WhatsApp to targeting ads based on the public IP address used to install WhatsApp.
- WhatsApp have also noted that they collect information about your online status, when you were last online and when you last updated your status. Again, this information could be used to monitor your activity and target advertisements at a specific time. The information could also be used to see when you are active on WhatsApp and when you are active on Facebook, and if you update both statuses when you are active. This isn’t taking into account the fact that logs may indeed collect your status messages; again, WhatsApp doesn’t go into the details.
- Towards the bottom of the legal information page WhatsApp let you know that they MIGHT share your information if they believe it is required. This includes transferring information to different countries if required. This point made me believe WhatsApp could potentially have enough information on an individual user to share if they needed to.
If you have got to this part and have decided you might actually want to delete WhatsApp… WAIT!
For a limited time, WhatsApp is allowing users to opt out of sharing their information with Facebook. I have found a link that explains the process here. Opting out doesn’t mean WhatsApp will stop collecting this information; they will continue to do so, but your phone number won’t be linked to Facebook.
If you still decide you would like to remove your account, you will need to ensure you delete the account using the ‘in-app delete’ function in the settings before uninstalling the application. WhatsApp state that if this isn’t done, there could be information stored on their servers for longer.
So there you have it, everyone, make your own decision as to how you wish to proceed moving forward using WhatsApp, thanks for reading.
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages